linkedin
Application Security Engineer
Opendoor
Miami, QAT
Full Time
Senior
Hybrid
4 weeks ago
GoPythonTypeScriptRubyTerraformKubernetes
Free
Job Fit Check
Base Career helps you apply smarter for this job.
?%
Ready to ScanKey skills for this role
GoPythonTypeScript
About the Role
Opendoor is looking for an Application Security Engineer to own application-layer risk across consumer flows and APIs. You will build vulnerability identification capabilities, mature the bug bounty program, and partner with engineering teams.
Key Skills for This Role
GoPythonTypeScriptRubyTerraformKubernetes
Responsibilities
- Define, build and operate Opendoor’s application vulnerability identification capability
- Assess, rationalize and own AppSec tooling stack including SAST, DAST, and secrets scanning
- Own and mature HackerOne program
- Lead threat modeling and security design reviews for new services, APIs, and mobile features
- Build AI agents and automated workflows for vulnerability triage and remediation
- Partner with engineering teams to harden authentication, authorization, and input validation
- Build Opendoor’s offensive security capability through internal testing and red team exercises
- Set the bar for secure by default for AI maximalist engineering
Requirements
- 5+ years of application security or software engineering experience with a security focus
- Strong skills in at least one of Python, Go, TypeScript, or Ruby
- Hands on expertise with GitHub Advanced Security, Semgrep, or equivalent
- Strong grasp of common application and API vulnerability classes including GraphQL, REST, and gRPC security pitfalls
- Practical threat modeling skills
- Experience with cloud and container security on AWS and Kubernetes
- Business enablement security mindset
Full Job Posting
About the Role
- Our Security Engineering team builds intelligent systems that protect Opendoor and our customers while enabling unprecedented engineering velocity.
- As our Application Security Engineer, you'll own how we find, prioritize, and drive down application layer risk across consumer flows, GraphQL APIs, and AI tools.
What You'll Do
- Define, build and operate Opendoor’s application vulnerability identification capability.
- Assess, rationalize and own our AppSec tooling stack.
- Own and mature our HackerOne program.
- Lead threat modeling and security design reviews for new services, APIs, and mobile features.
- Build AI agents and automated workflows that triage vulnerability reports.
- Partner with engineering teams to harden authentication, authorization, and input validation.
- Build Opendoor’s offensive security capability.
- Set the bar for what 'secure by default' looks like for AI maximalist engineering.
What You'll Need
- Deep conviction that AI and automation should eliminate manual work.
- Comfort operating with high autonomy in ambiguous environments.
- Business enablement security mindset.
- 5+ years of application security or software engineering experience with a security focus.
- Hands on expertise across the security risk detection toolchain.
- Strong grasp of common application and API vulnerability classes.
- Practical threat modeling skills.
- Experience with cloud and container security on AWS and Kubernetes.
- Humility and genuine curiosity.
Tech Stack
- Languages: Go, Python, TypeScript, Ruby, Terraform
- Cloud: AWS, GCP, Azure, Kubernetes, Apollo GraphQL
- AppSec Tooling: GitHub Advanced Security (CodeQL, Dependabot, secret scanning), Semgrep, HackerOne, Burp Suite, Cloudflare WAF
- AI Tooling: Claude, OpenAI, various agent frameworks, MCP
Bonus Points
- Offensive security experience including pentesting, API security, or mobile security.
- Experience running a bug bounty or coordinated disclosure program at scale.
- Mobile application security review experience (iOS and Android).
- Experience securing AI and machine learning pipelines.
- OSCP, OSWE, or similar offensive certifications.
Location
- This role is based in our downtown Miami office, in person four days per week (Monday, Tuesday, Thursday, Friday).
- Candidates must be based within commuting distance of the office.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career